PUBLISHED ON: September 1, 2016
Cyber risks should have directors and officers thinking beyond cyber-specific policies that cover their companies. While these policies often cover first-party losses and third-party liabilities, they may include carve outs and exclusions pertaining to fiduciary liability or to directors and officers themselves. Just as cyber risks require input from management outside the IT department, the fallout for improperly managing corporate cyber risks reaches the boardroom. Shareholders have filed derivative suits in the wake of cyber breaches, with varying degrees of success. Regulators have made clear that they can and will enforce laws that punish companies, and their top management, for failing to adequately protect against cyber risks. Key protections against these risks lie in identifying, securing and pursuing insurance coverage beyond a cyber-policy -- mainly via Directors & Officers and Errors & Omissions policies.